Hi experts,
Based on the manual of TZC-400, we could set up at most 8 regions with different security settings.
However, I'm wondering, when a normal world(non-secure) application read or write a specific address, how does the TZC-400 decide whether the address is secure or not?
I think region 1-8 could overlap addresses with each other so I'm confused about how to decide the security of an address.
Any suggestion or discussion is welcomed.
Thank you.
Simon
Hi Simon,
How does the board configure the filter unit 0 for AP / GPU while filter unit 1 for DMA/LCD? I tried to search the firmware code while I don't get where it is.
It doesn't; that diagram is from the TZC-400 Technical Reference Manual as an example system using a TZC-400, not from the Juno documentation.
In practice on most systems you'll configure all filter units to have the same configuration, which is what happens on Juno. You can see here that each region is configured using PLAT_ARM_TZC_FILTERS, which equates to TZC_400_REGION_ATTR_FILTER_BIT_ALL, which in turn collapses to (0xF << 0), i.e. 4b1111. This mask is written to the filter_en field (bits [3:0]) of the corresponding region's REGION_ATTRIBUTES_<n> register. In other words, all configured regions are enabled for all 4 filter units.
Hope that helps.
I really appreciate your answer and patient, hope you have a wonderful thanksgiving!
You too
Ash
Oh I understand the part about connecting filters with regions. Sorry I don't make the question clear.
My question is how to configure the relationship between CPU/GPU/DMA/LCD with those filters. Is there any configuration like CPU needs to connect with filter 0 or DMA needs to connect with filter 3?
In what context?
If you mean something along the lines of "does the TZC-400 mandate that CPUs are connected to filter 0 while DMA engines are connected to filter 3", then no; the 4 filter units are identical in terms of functionality and system designers are free to wire them up however they want.